From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:45075)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <pbonzini@redhat.com>) id 1Yssdj-0006BR-Nv
	for qemu-devel@nongnu.org; Thu, 14 May 2015 08:53:28 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <pbonzini@redhat.com>) id 1Yssdg-0006uI-FN
	for qemu-devel@nongnu.org; Thu, 14 May 2015 08:53:27 -0400
Received: from mx1.redhat.com ([209.132.183.28]:38020)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <pbonzini@redhat.com>) id 1Yssdg-0006tt-Ac
	for qemu-devel@nongnu.org; Thu, 14 May 2015 08:53:24 -0400
Message-ID: <55549ABD.2050202@redhat.com>
Date: Thu, 14 May 2015 14:53:17 +0200
From: Paolo Bonzini <pbonzini@redhat.com>
MIME-Version: 1.0
References: <alpine.DEB.2.02.1505131826580.20496@kaball.uk.xensource.com>	<20150513174204.GS23627@redhat.com>	<alpine.DEB.2.02.1505131853420.20496@kaball.uk.xensource.com>	<5553C651.4060000@redhat.com>	<alpine.DEB.2.02.1505141206530.20496@kaball.uk.xensource.com>	<20150514111825.GE3441@redhat.com>	<878ucr4bb7.fsf@blackfin.pond.sub.org>
	<555490EE.1040802@redhat.com>
	<87egmjz5sl.fsf@blackfin.pond.sub.org>
In-Reply-To: <87egmjz5sl.fsf@blackfin.pond.sub.org>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable
Subject: Re: [Qemu-devel] [PATCH] Do not emulate a floppy drive when
	-nodefaults
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Markus Armbruster <armbru@redhat.com>
Cc: Kevin Wolf <kwolf@redhat.com>, xen-devel@lists.xensource.com, Stefano Stabellini <stefano.stabellini@eu.citrix.com>, mst@redhat.com, qemu-devel@nongnu.org, John Snow <jsnow@redhat.com>, rth@twiddle.net



On 14/05/2015 14:45, Markus Armbruster wrote:
> Paolo Bonzini <pbonzini@redhat.com> writes:
>=20
>> On 14/05/2015 14:02, Markus Armbruster wrote:
>>>   It should certainly be off for pc-q35-2.4 and newer.  Real Q35 boar=
ds
>>>   commonly don't have an FDC (depends on the Super I/O chip used).
>>>
>>>   We may want to keep it off for pc-i440fx-2.4 and newer.  I doubt
>>>   there's a real i440FX without an FDC, but our virtual i440FX is qui=
te
>>>   unlike a real one in other ways already.
>>
>> That would break libvirt for people upgrading from 2.3 to 2.4.  So it'=
s
>> more like pc-i440fx-3.0 and pc-q35-3.0.
>=20
> What exactly breaks when?

libvirt expects "-nodefaults -drive if=3Dnone,id=3Dfdd0,... -global
isa-fdc.driveA=3Dfdd0" to result in a machine with a working FDD.  It
doesn't know that it has to add "-machine fdc=3Don".

Besides, adding a new machine option is not the best we can do.  If the
default is "no FDC", all that is needed to add one back is -device.  An
FDC is yet another ISA device, it is possible to create one with -device.

> add the magic to make -global isa-fdc... auto-set the option to on.

That would be ugly magic.

The more I think about this, the more I think this is just a kneejerk
reaction to a sensationalist announcement.  The effect of this
vulnerability on properly configured data centers (running
non-prehistoric versions of Xen or KVM and using
stubdom/SELinux/AppArmor properly) should be really close to zero.

It's a storm in a tea cup.

Paolo

>>                                          Unless for q35 we decide to
>> break everything and retroactively nuke the controller.
>>
>> (I'm still not sure why we have backwards-compatible machine types for=
 q35).
>=20
> Beats me :)
>=20
> [...]
>=20